Best DNS Server you can Self-Host in 2023
Choosing a DNS Server for your home network or home lab environment is crucial to performance and security. There are many public DNS servers that can be used for DNS queries. However, in this post, we will look at the best DNS server you can self-host, with five options for the best features, security, and performance.
Table of contents
Selecting the Best DNS Servers
When searching for the best DNS servers, several factors come into play. These include the server’s ability to manage DNS queries efficiently, its compatibility with different IP addresses, and their ability to implement secure DNS services. Also, in addition to running a firewall, DNS servers can provide controls in blocking malicious websites and phishing sites, spyware, and other threats, in addition to content filtering for kids is important.
Many well-known public DNS servers exist for lookups, from well-known options like Google DNS, OpenDNS, quad9, and Cloudflare DNS to more specialized services like Comodo Secure DNS, or even the default DNS servers from your ISP as an option. These are great DNS options for systems as they have protection built in from things like DDoS, cyberattacks, and other threats.
However, in addition to these public DNS providers, let’s dive into the best free DNS service solutions you can self-host in your home network or home lab environment and the features of each. Note the following example solutions in the list:
- Technitium
- Pihole with Unbound
- PowerDNS
- Adguard
- BIND
1. Technitium: Customizability and Control
Technitium is a great DNS server. It is one of those solutions that stands out due to great features, ease of installation and configuration and the features and capabilities it has. I wrote a blog post covering Technitium here if you would like to see my thoughts on standing it up in the home lab and configuring it as a recursive DNS server for your network: Technitium DNS Server in Docker: Is this the Best Home Server DNS?.
It has a wide range of features, like DNSSEC support and the ability to create multiple conditional forwarding zones, which is great for home labbers. I found this to be one of the best open-source DNS solutions I have used. You can look at additional information, but Technitium is highly regarded by many in the community.
Feature | Description |
---|---|
Platform Support | Windows, Linux, macOS, Raspberry Pi, Docker |
DNS Protocols | DNS-over-HTTPS, DNS-over-TLS, DNS-over-QUIC |
Performance | High performance; over 100,000 requests/second |
DNSSEC Support | Yes, with RSA & ECDSA algorithms |
Advanced Caching | Serve stale, prefetching, auto prefetching |
Zone Support | Primary, Secondary, Stub, Conditional Forwarder |
Ad Blocking | Built-in at DNS level |
Forwarders | Manual or predefined list (CloudFlare, Google, etc.) |
Extensibility | Built-in app store for extensions |
Pros and Features:
- Free and open-source, runs on multiple platforms including Windows, Linux, macOS, and Raspberry Piโโ.
- Supports DNS-over-HTTPS, DNS-over-TLS, and DNS-over-QUICโโ.
- High-performance, handling millions of requests per minuteโโ.
- Features like DNSSEC validation, advanced caching, and support for various zone typesโโ.
- Built-in ad blocking at the DNS levelโโ.
- Configurable forwarders with a list of public DNS servicesโโ.
- Built-in app “store” for feature extensionsโโ.
- Multiple conditional forwarder zones
Cons:
- It may have a steeper learning curve than other solutions
2. PiHole with Unbound: The Ad-Blocking Duo
Combining PiHole with Unbound is a great way to block ads and improving browsing speed, compared to using DNS settings from Internet Service Providers for DNS request and DNS query services. It can also provide protection and block things like malware. PiHole filters content at the DNS level, while Unbound provides a recursive DNS server that is quick and secure, using secure DNS and caching. Pi-hole is great for family protection and keeping your kids safe.
Check out the best Pi-Hole adlists in 2023 here: Best Pihole Adlists in 2023.
Feature | Description |
---|---|
Privacy | Enhanced privacy by hosting locally |
Security | Reduced DNS poisoning attack risk |
Caching | Efficient caching for minimized queries |
Blocking Lists | Applies blocking lists for ad and tracker blocking |
Recursive DNS | Operates a private recursive DNS server |
Conditional Forwarder | Provides conditional forwarding for (1) domain |
Pros:
- Enhanced privacy by allowing direct contact with responsive servers, reducing trackingโโ.
- Reduced risk of DNS poisoning attacks by operating a private recursive DNS serverโโ.
Cons:
- With Pi-Hole you can only conditionally forward 1 domain name
- More difficult to setup using unbound than just Pi-Hole by itself
3. PowerDNS: The Versatile Solution
PowerDNS is used by many, even ISPs. It’s an ideal choice for a DNS server that can efficiently handle a high volume of DNS queries (probably overkill for DNS at home, but no harm there). It has advanced features that cater to both beginner users and experienced admins. It can also use a backend database for data and reporting.
Feature | Description |
---|---|
Performance | High performance and scalability |
Flexible Backends | Supports multiple backend databases |
DNSSEC Support | Complete DNSSEC support |
Dynamic Updates | Allows authorized clients to modify DNS records |
API Integration | Comes with an HTTP-based API |
Geo-Redundancy | Geographical load balancing and failover capabilities |
Use Cases | Suitable for enterprises, service providers, and security-focused organizations |
Pros:
- High performance and scalability, handling many queries per secondโโ.
- Supports multiple backend databases, offering flexibility and modular architectureโโ.
- Complete DNSSEC support, enhancing securityโโ.
- Features dynamic updates and API integrationโโ.
- Geo-redundancy capabilities, improving performance and resilienceโโ.
- Suitable for various use cases, including complex DNS infrastructures and security-focused organizationsโโ
Cons:
- More difficult to setup than some of the other solutions
- You have to configure a GUI in addition to the DNS solution
4. AdGuard Home: Privacy and Security First
AdGuard Home focuses on privacy and security. It can block ads but also protect against tracking and phishing. It is effective for those concerned about internet security and maintaining a family-friendly online environment parents and kids with blocking lists that block based on different categories, etc.
If you would like to install Adguard, check out my tutorial here: Adguard Home Docker Compose with Traefik Ingress.
Feature | Description |
---|---|
Ad Blocking | Blocks ads and trackers before download |
Parental Controls | Built-in controls |
User Interface | Clean UI and logically structured menu |
Platform Support | Runs on almost every operating system |
Compatibility | Works with devices lacking ad blocker support |
Pros:
- Blocks ads and trackers before theyโre downloadedโโ.
- Includes built-in parental controlsโโ.
- Features a clean UI and logically structured menuโโ.
- Open source and under rapid developmentโโ.
- Runs on almost every operating system without needing powerful hardwareโโ.
- Works with devices that donโt support ad blockers, like smart TVsโโ.
Cons:
- Cannot block all types of ads, like YouTube pre-roll adsโโ, but could be a con of other solutions too
- Some don’t like the interface as well as Pi-Hole
5. BIND: The Established Choice
BIND, or Berkeley Internet Name Domain, is one of the most well-known DNS servers in use. It is extremely reliable and flexible. It is widely used in the enterprise, but can also be very good to use at home as a learning experiment and also for practical DNS applications. it is both stable and secure.
Check out my walkthrough of BIND here: Lightweight DNS Server for VMware Lab.
Feature | Description |
---|---|
Community Support | Broad usage and strong open source community |
Stability | Used in millions of production DNS servers |
Platform Support | Supports Linux, NetBSD, FreeBSD, OpenBSD, macOS, Windows |
Functionality | Covers all basic DNS functionalities |
Pros:
- Broad usage and strong community support, making it a standard in Linux systemsโโ.
- Known for stable and predictable operationโโ.
- Supports a wide range of platformsโโ.
- Covers all basic DNS functionalitiesโโ.
Cons:
- Lacks APIs, which makes automation of configuration and deployment more difficultโโ
- Not as intuitive and must be configured from the command line primarily
The Role of DNS in Internet Connectivity
DNS servers are the “phone book” of the Internet and translate the human-readable domain names that we can remember to the underlying IP addresses that are not easy to remember. When you open a browser and type in the name of a site on a PC, Android or iPhone, PS4, computer, etc, whether you are on a LAN or Wi-Fi connection, your DNS server looks up the name and translates it to the IP that your device can use to connect to the web server or other resource, locally, or across the world.
Understanding the impact of DNS servers on Internet connection is key. It does make a difference which DNS server addresses you configure in your network connection. Not all free DNS servers are created equal. Where do you configure DNS settings? Below, we see the IPv4 properties in Windows 11 (or IPv6). If you look at the General tab, you will see the primary and secondary DNS servers you can configure. Having two servers configured is the best way as it helps ensure uptime and everything is reachable, in case primary server is down or unreachable. Keep in mind these are not used for load balancing per se, but failover.
Why DNS Caching is Key to Performance
One of primary advantages with running your own DNS server at home is the ability to cache DNS queries. So, instead of your devices reaching out to the Internet for a DNS hostname and resolving that to an IP address, you bring that exchange local to your home network. Many routers and other commodity network devices may also cache queries, but they don’t provide the features and capabilities of the solutions we have covered.
With DNS caching, queries are stored temporarily which reduces the need to repeatedly resolve the same domain names. This process speeds up website loading times due to faster name resolution.
Once a DNS server caches a domain name, further requests for that domain can be answered quickly, bypassing the process of querying multiple DNS servers. This accelerates web page access and reduces the load on DNS servers. This makes the overall DNS name resolution process more efficient. Note the following tests I performed with DNS Benchmark.
Below you can see the DNS Benchmark (dnsperf) used shows the latency and speed of the DNS servers. The first IP address in the list is my local caching DNS server that I have configured and is handed out by my router to clients. You can see the relative speed of all the rest. This directly impacts games, apps, and all other connections.
You can see the cached and uncached latency for query results for my on-premises DNS server. For cached, it is about 2 milliseconds and uncached about 40.
Now, you can see the difference in a public DNS server and the latency between the query results. For cached queries it is about 26 milliseconds and 79 milliseconds for uncached.
Wrapping up Best DNS Server for your needs
Having your own self-hosted DNS server provides advantages. You can benefit from the super fast speed of cached queries accessible from your LAN and reduce the number of outbound DNS connections to the Internet. This will be noticeable for most when it comes to things like gaming, self-hosting, application response, and other use cases. The five solutions I mentioned in the post are some of today’s best solutions. However, no matter which one you try, they will all greatly benefit your home Internet experience and help keep your environment safe.